-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Question #9
Comments
also, is it possible to scan a text file with multiple URL addresses? i.e Cheers |
I added the possibility to add targets over stdin. $ cat target.txt | ./scan4log4shell remote url or $ crawler | ./scan4log4shell remote url Unfortunately, the program does not have its own crawler |
Hi, That’s great, we can copy and paste on the target.txt file the URLs from Burp. Thank you very much. Cheers |
it seems it can't stand these commands
|
Are you using the correct version v1.2.0? |
Oh, I'm really sorry, it seems I was using the old version. my bad! Thanks |
Works like a charm now! btw, last question, if the list of url addresses I scan is large, when the scanner finds a vulnerability does it stop or will it report them at the end when it finishes scanning? |
or there is the option instead of interactsh to use Burp collaborator and then we see in real time when it finds an interaction? |
The scanner does not stop. All targets are always scanned. Various catchers (TCP, DNS, LDAP) are included. Burp is not yet supported. But you can easily extend it: scan4log4shell/internal/catcher.go Lines 18 to 23 in 7816779
Your welcome to create a pull request |
Hi,
Please tell me if this tool scans only the main index or there is a option to crawl and test the entire site? I'm sorry to ask, but I haven't seen anything about this.
Thank you
The text was updated successfully, but these errors were encountered: